Well, you are mentioning the important ones. There's a minor difference
between 2000 and 2003/2008 permission requirements.
You should take a deeper look at the defaultSecurityDescriptor entry, KB
321476 - this entry handles permissions on newly created GPOs - so it's
"knows" what's neede :)
Have fun!
/Jakob H. Heidelberg
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Neil Berry
Sent: 1. februar 2008 11:30
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] GPO Permissions
Hi all,
I wonder if anyone could help me with this. I am trying to reduce
access to the GPOs in a specific environment and want to trim the
permissions to a minimum without breaking anything !
I was intending to reduce permissions to the following
Authenticated Users : Read
Domain Admins: Full control
Enterprise Admins: Full Control
Group Policy Creator: Edit, delete, modify
But it looks like the following might be required ?
System : Full control
Enterprise Domain controllers: read
Are there any other specific permission requirements that anyone knows
about for particular policies ?
Thanks for any thoughts.
Neil
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
